> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ankra.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Registry Credentials

> Authenticate Ankra with Helm chart registries and container registries (HTTP and OCI).

Registry credentials authenticate with Helm chart repositories and container registries. They're used when syncing charts from private registries.

## Creating a Registry Credential

<Steps>
  <Step title="Navigate to Credentials">
    Go to **Credentials** in the Ankra dashboard.
  </Step>

  <Step title="Add Credential">
    Click **Add** and select **Registry** as the provider type.
  </Step>

  <Step title="Enter Details">
    * **Name**: a unique identifier (e.g., `ghcr-auth`, `harbor-prod`)
    * **Username**: your registry username
    * **Password**: your registry password or access token
  </Step>

  <Step title="Save">
    Click **Create** to securely store the credential.
  </Step>
</Steps>

## Provider-Specific Setup

<AccordionGroup>
  <Accordion title="GitHub Container Registry (GHCR)">
    **Create a Personal Access Token:**

    1. Go to GitHub → Settings → Developer settings → Personal access tokens
    2. Generate a token with `read:packages` scope
    3. For pushing charts, also add `write:packages`

    **Credential values:**

    * Username: your GitHub username
    * Password: the Personal Access Token
  </Accordion>

  <Accordion title="Google Artifact Registry">
    **Create a Service Account:**

    1. Go to Google Cloud Console → IAM → Service Accounts
    2. Create a new service account
    3. Grant "Artifact Registry Reader" role
    4. Create and download a JSON key

    **Credential values:**

    * Username: `_json_key`
    * Password: the entire JSON key file contents
  </Accordion>

  <Accordion title="Amazon ECR">
    **Get an auth token:**

    ```bash theme={null}
    aws ecr get-login-password --region us-east-1
    ```

    **Credential values:**

    * Username: `AWS`
    * Password: the token from the command above

    <Warning>
      ECR tokens expire after 12 hours. For production, consider using IAM roles or refresh the token regularly.
    </Warning>
  </Accordion>

  <Accordion title="Azure Container Registry">
    **Create a Service Principal:**

    ```bash theme={null}
    az ad sp create-for-rbac --name ankra-acr-reader \
      --scopes /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ContainerRegistry/registries/{registry} \
      --role acrpull
    ```

    **Credential values:**

    * Username: the `appId` from the output
    * Password: the `password` from the output
  </Accordion>

  <Accordion title="Docker Hub">
    **Create an Access Token:**

    1. Go to Docker Hub → Account Settings → Security
    2. Create a new Access Token with Read permissions

    **Credential values:**

    * Username: your Docker Hub username
    * Password: the Access Token (not your password)
  </Accordion>

  <Accordion title="Harbor">
    **Use a robot account (recommended):**

    1. Go to your Harbor project → Robot Accounts
    2. Create a new robot account with pull permissions

    **Credential values:**

    * Username: `robot$project+name` (the robot account name)
    * Password: the robot account secret
  </Accordion>

  <Accordion title="JFrog Artifactory">
    **Create an API Key or Access Token:**

    1. Go to User Profile → Edit Profile
    2. Generate an API Key or create an Access Token

    **Credential values:**

    * Username: your Artifactory username
    * Password: the API Key or Access Token
  </Accordion>
</AccordionGroup>

## Using Registry Credentials

When adding a registry, select the credential to use for authentication:

1. Go to **Charts** → **Repositories** → **Add**
2. Enter the registry URL
3. Select the credential from the dropdown
4. Click **Add**

Ankra will use the credential when syncing charts from the registry. See [Registries](/guides/registries) for more.
